Table of Contents
Advertisement
Creating a Policy Setting
Protocols Affected by the Policy Setting
Insecure Protocols
© Copyright Lenovo 2018
The policy setting can be either secure (IOM is in secure mode) or legacy (IOM is in
legacy mode). In secure mode, only communication protocols that are deemed
secure can be used; most protocols that are not deemed secure are disabled. In
legacy mode setting, all protocols are allowed (LIOM behavior).
To display the current policy setting, enter:
NE2552E(config)# show boot security-policy
Note: Security policy can be applied only from CMM. You must reboot the IOM
for a new policy setting to be applied.
This section explains which protocols can and cannot operate in secure mode on
the NE2552E Flex Switch.
When you are in Secure Mode, the following protocols are deemed "insecure" and
are disabled:
HTTP
LDAP Client
SNMPv1
SNMPv2
Telnet (server and client)
FTP (server and client)
Radius (client)
TFTP Server
Except for the TFTP server, these protocols cannot be enabled when the switch is
operating in Secure Mode because the commands to enable or disable them are no
longer enabled.
The following protocols, although deemed "insecure," are enabled by default and
can be disabled.
DHCP client
SysLog
Note: Service Location Protocol (SLP) Discovery is also deemed "insecure" but is
unaffected by Secure Mode. SLP has the same default settings as in Legacy Mode.
If you can enable or disable SLP in Legacy Mode, you can enable or disable it the
same way in Secure Mode.
The following supported protocols are not enabled by default but can always be
enabled in Secure Mode.
DNS Resolution
Chapter 37: Secure Input/Output Module
525
- Quick Links:
- Part 3: Switch Basics
Hide quick links:
Advertisement
Table of Contents
